Provisioning virtual private network or dial-up remote access solutions and ensuring steadfast access to your company’s IT resources can be a burden for IT administrators, and in particular for small companies without 24x7 IT support. Remote Web Workplace provides an elegant web-based solution without the complexities often associated with remote access.
Remote Web Workplace (RWW) is a browser-based portal that provides Windows Small Business Server (SBS) users with Outlook Web Access (OWA), SharePoint Server and Remote Desktop (Figure 1). An integral component of SBS, RWW can be accessed by users from any computer connected to the Internet.
Outlook Web Access offers users e-mail and has been improved so that it operates more like its desktop counterpart. An important feature for remote workers, OWA’s Documents tab lets users open files stored in SharePoint libraries or on file servers directly from their OWA session. Figure 2 shows a standard Windows file share and companyweb, which is the default SharePoint site in SBS 2008, added to OWA favorites. Sysadmins can define which file shares or SharePoint libraries are displayed in OWA.
While OWA and SharePoint should cover most users’ remote access needs, Remote Desktop facilitate access to workstations or servers on the internal company network if a particular file or application is required. When connecting to a remote desktop via RWW, users are presented with a list of machines to which they have access, eliminating the need to remember computer names. A default computer also can be chosen should users have permission to connect to several devices (Figure 3).
Windows Server 2008’s Terminal Services Gateway is used to tunnel the Remote Desktop Protocol (RDP) over HTTPS. This makes connections possible from devices connected to public Internet points if the latest Remote Desktop Connection client (version 6.1) is installed with Microsoft’s Terminal Services Client Control enabled in Internet Explorer.
The SBS SharePoint portal is now displayed by default in RWW as Internal Web Site. SharePoint can be used to share files and collaborate with other users in shared workspaces that might include calendars and task lists. SharePoint via RWW can be used as an alternative to giving remote users access to file shares, which traditionally requires some form of VPN or dial-up connection. The default configuration in SBS 2008 places HTTPS connections to SharePoint on port 987; the default HTTPS port 443 is taken by OWA. This could result in failed connections to SharePoint from remote computers using public Internet points, as very often outbound access is limited to ports 80 and 443.
Single sign-on enables users to log in to RWW and use OWA or SharePoint without providing credentials for a second time (although this works only if there are no certificate errors when connecting to RWW). Users can change their password in RWW, but only if their current password is still valid. Microsoft also has included a gadget for Vista’s Sidebar that provides quick access to most of RWW’s features (Figure 4).
RWW is enabled by default in SBS 2008 and can be configured from the Windows SBS Console. Let’s have a look at some of the basic configuration options available for customization and access rights. Log on to SBS 2008 server as an administrator:
If you haven’t yet run through the Connect to the Internet wizard on the Home tab of the Windows SBS console, the address for RWW will be displayed as https://sites/remote. The Connect to the Internet wizard will change the addresses of SBS websites to reflect your company’s Internet domain name. When you install SBS, a self-signed certificate is created to enable HTTPS. However, if you intend to allow access to RWW from any Internet-connected machine, you’ll need to run the Add a trusted certificate wizard on the Home tab to avoid certificate error warnings.
Establishing a Remote Desktop Connection via RWW from computers that are not joined to the SBS domain requires either the installation of a trusted third-party certificate on the server or the installation of the server’s self-signed certificate on the remote computer. To install the server’s self-signed certificate on a nondomain computer, run the InstallCertificate program located in the Certificate Distribution Package folder in the Public Downloads folder of your SBS server.
When user accounts are created in SBS, you can assign an existing computer or add a new computer for the given user. During the account creation process, you also have the option to give the user remote access to their assigned machine. To change which users can access a computer, you need to modify the user list in User Access properties for the given computer on the Network tab (Figure 6).